reload all NGINX servers after adding a vhost (#90)
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/push Build is passing
Details
Currently, only the NGINX server on biloba is reloaded after adding a new vhost or renewing an SSL certificate. The NGINX server on chamomile should also be reloaded, since chamomile is a warm standby for biloba. This PR adds a new config option in ceod.ini to specify the shell command to reload the web servers. Reviewed-on: #90 Co-authored-by: Max Erenberg <merenber@csclub.uwaterloo.ca> Co-committed-by: Max Erenberg <merenber@csclub.uwaterloo.ca>
This commit is contained in:
parent
4394c4e277
commit
f84965c8e1
|
|
@ -4,7 +4,7 @@ import os
|
||||||
import re
|
import re
|
||||||
import shutil
|
import shutil
|
||||||
import subprocess
|
import subprocess
|
||||||
from typing import List, Dict, Tuple
|
from typing import List, Dict, Tuple, Union
|
||||||
|
|
||||||
import jinja2
|
import jinja2
|
||||||
from zope import component
|
from zope import component
|
||||||
|
|
@ -53,6 +53,7 @@ class VHostManager:
|
||||||
self.max_vhosts_per_account = cfg.get('cloud vhosts_max_vhosts_per_account')
|
self.max_vhosts_per_account = cfg.get('cloud vhosts_max_vhosts_per_account')
|
||||||
self.vhost_ip_min = ipaddress.ip_address(cfg.get('cloud vhosts_ip_range_min'))
|
self.vhost_ip_min = ipaddress.ip_address(cfg.get('cloud vhosts_ip_range_min'))
|
||||||
self.vhost_ip_max = ipaddress.ip_address(cfg.get('cloud vhosts_ip_range_max'))
|
self.vhost_ip_max = ipaddress.ip_address(cfg.get('cloud vhosts_ip_range_max'))
|
||||||
|
self.reload_web_server_cmd = cfg.get('cloud vhosts_reload_web_server_cmd')
|
||||||
|
|
||||||
self.acme_challenge_dir = cfg.get('cloud vhosts_acme_challenge_dir')
|
self.acme_challenge_dir = cfg.get('cloud vhosts_acme_challenge_dir')
|
||||||
self.acme_dir = '/root/.acme.sh'
|
self.acme_dir = '/root/.acme.sh'
|
||||||
|
|
@ -82,12 +83,12 @@ class VHostManager:
|
||||||
"""Return a list of all vhost files for this user."""
|
"""Return a list of all vhost files for this user."""
|
||||||
return glob.glob(os.path.join(self.vhost_dir, username + '_*'))
|
return glob.glob(os.path.join(self.vhost_dir, username + '_*'))
|
||||||
|
|
||||||
def _run(self, args: List[str]):
|
def _run(self, args: Union[List[str], str], **kwargs):
|
||||||
subprocess.run(args, check=True)
|
subprocess.run(args, check=True, **kwargs)
|
||||||
|
|
||||||
def _reload_web_server(self):
|
def _reload_web_server(self):
|
||||||
logger.debug('Reloading NGINX')
|
logger.debug('Reloading NGINX')
|
||||||
self._run(['systemctl', 'reload', 'nginx'])
|
self._run(self.reload_web_server_cmd, shell=True)
|
||||||
|
|
||||||
def is_valid_domain(self, username: str, domain: str) -> bool:
|
def is_valid_domain(self, username: str, domain: str) -> bool:
|
||||||
if VALID_DOMAIN_RE.match(domain) is None:
|
if VALID_DOMAIN_RE.match(domain) is None:
|
||||||
|
|
@ -150,7 +151,7 @@ class VHostManager:
|
||||||
self.acme_sh, '--install-cert', '-d', domain,
|
self.acme_sh, '--install-cert', '-d', domain,
|
||||||
'--key-file', key_path,
|
'--key-file', key_path,
|
||||||
'--fullchain-file', cert_path,
|
'--fullchain-file', cert_path,
|
||||||
'--reloadcmd', 'systemctl reload nginx',
|
'--reloadcmd', self.reload_web_server_cmd,
|
||||||
])
|
])
|
||||||
|
|
||||||
def _delete_cert(self, domain: str, cert_path: str, key_path: str):
|
def _delete_cert(self, domain: str, cert_path: str, key_path: str):
|
||||||
|
|
|
||||||
|
|
@ -97,6 +97,7 @@ members_domain = csclub.cloud
|
||||||
k8s_members_domain = k8s.csclub.cloud
|
k8s_members_domain = k8s.csclub.cloud
|
||||||
ip_range_min = 172.19.134.10
|
ip_range_min = 172.19.134.10
|
||||||
ip_range_max = 172.19.134.160
|
ip_range_max = 172.19.134.160
|
||||||
|
reload_web_server_cmd = /root/bin/reload-nginx.sh
|
||||||
|
|
||||||
[k8s]
|
[k8s]
|
||||||
members_clusterrole = csc-members-default
|
members_clusterrole = csc-members-default
|
||||||
|
|
|
||||||
|
|
@ -91,6 +91,7 @@ members_domain = csclub.cloud
|
||||||
k8s_members_domain = k8s.csclub.cloud
|
k8s_members_domain = k8s.csclub.cloud
|
||||||
ip_range_min = 172.19.134.10
|
ip_range_min = 172.19.134.10
|
||||||
ip_range_max = 172.19.134.160
|
ip_range_max = 172.19.134.160
|
||||||
|
reload_web_server_cmd = systemctl reload nginx
|
||||||
|
|
||||||
[k8s]
|
[k8s]
|
||||||
members_clusterrole = csc-members-default
|
members_clusterrole = csc-members-default
|
||||||
|
|
|
||||||
|
|
@ -90,6 +90,7 @@ members_domain = csclub.cloud
|
||||||
k8s_members_domain = k8s.csclub.cloud
|
k8s_members_domain = k8s.csclub.cloud
|
||||||
ip_range_min = 172.19.134.10
|
ip_range_min = 172.19.134.10
|
||||||
ip_range_max = 172.19.134.160
|
ip_range_max = 172.19.134.160
|
||||||
|
reload_web_server_cmd = systemctl reload nginx
|
||||||
|
|
||||||
[k8s]
|
[k8s]
|
||||||
members_clusterrole = csc-members-default
|
members_clusterrole = csc-members-default
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue